Linode, you need a spam filter

I got this usual money scam email not directly, but via Linode Forum! Who even deploys Web applications without basic spam protection?!

Hello nileshgr,

The following is an email sent to you by joy kone via your account on
“Linode Forum”. If this message is spam, contains abusive or other comments
you find offensive please contact the webmaster of the board at the
following address:

https://forum.linode.com/memberlist.php?mode=contactadmin

Include this full email (particularly the headers). Please note that the
reply address to this email has been set to that of joy kone.

Message sent to you follows
~~~~~~~~~~~~~~~~~~~~~~~~~~~

From: Joy Kone

I have sent you this e-mail because of the need to open discussions with
you. I don’t want you to misunderstand this offer in any aspect…if it is
okay with you, I ask for your full cooperation. I have contacted you base
on trust to handle an investment in your country/company on my behalf as a
prospective partner.

My name is Joy Kone. a citizen but resides here . It might interest you to
know that I have US$10.500,000.00 deposited with a financial institution to
be invested in your country/company. It is pertinent to let me know if you
can handle this fund/investment with you in your country so as to furnish
you with all the necessary details about the financial institution for more
information. Meanwhile, i am very honest in my dealings with people and I
also demand the same from you as a Partner to be. Can I trust you with this
fund?

I want you to note that this is a mutual business venture as there is a
reward for your assistance. I shall let you know your benefit for your
assistance as we proceed. For a more comprehensive details and source of
fund, please contact me as soon as possible. If you find this letter
offensive, please ignore it and accept my apologies.

Regards,
Joy Kone

Okay I received a reply from someone working at Linode, apparently it is possible to turn off the ability of others to send email to you via the forum:


A networking insight into the past

Back in 2007-2008, when I was just starting out with Linux geekery I had an ISP connection which was working fine for almost a year. Previously I was a Windows user and the hardware I used to run Windows XP was a Pentium 3 with 384 MB RAM.

Now I don’t know whether it was the hardware or issues with Windows itself that caused me so much frustration sufficient to make me move to Linux. After switching to Linux, things had become smooth so it was probably not the hardware. Perhaps the hardware was insufficient to run XP although it was slightly better than the recommended hardware specification at that time.

So yeah, this ISP had installed a telephone wire into my house and provided me an ADSL modem. In those days, it was rather uncommon to have multiple devices at home at least in India, so they had a policy of allowing only one PC at a time to use the Internet. My networking knowledge was pretty limited at that time so I never thought about how or why it was like that.

Then dad’s workplace assigned him a laptop and that’s when there were two devices at home that required Internet. Again due to limited knowledge of networking and Linux, I got a long LAN cable so that dad’s laptop could be wired to the modem, which had a single Ethernet port. After a couple of rounds of this plugging/unplugging we got tired of it and bought an unmanaged switch. That helped solve the cabling issue, but still two computers couldn’t use the Internet at the same time. I used to log out when my dad wanted to use the Internet and vice versa. The switch model worked because the modem provided by the ISP was in bridge mode, as per the settings I found by poking around.

Both the machines were Windows XP initially. Then I switched to Linux and configured a simple DHCP based Ethernet connection to use Internet and it worked fine. The wizards helped me and the authentication mechanism was to login to the ISP using a Web page you got redirected to once you opened some site after acquiring a lease. But one day, all of a sudden the Internet stopped working on my Linux box. A quick observation was that it worked fine in Windows. Numerous calls to the ISP’s call center and as usual a clueless response by them (this continues even today to some extent) but they eventually sent their technician who couldn’t solve the problem either. Then we switched ISP.

Over the seven years after this I have learned a lot about Linux and networking and worked in real-life scenarios. But today while chatting with my friend Nikhil about ISPs and their reviews, I recalled this issue and now I can make sense of why it wasn’t working. The reason is simple: routers generally contain embedded Linux. In DHCP there’s a field mentioning which OS or client it is (like a Web browser sends a user agent to every website). This cunning ISP wanted to make money by selling their own routers and charging more for allowing multiple computers to use the Internet at the same time, so they decided to block all Linux DHCP clients (probably excluding their own) because every Linux box is a potential NAT box! It is possible to use Windows as a NAT box as well, but then they had no choice. If they blocked Windows nobody would use their services 😂😂

CloudFlare Dynamic DNS using OpenWRT

I use dynamic DNS for my home internet connection so that I can access the machines from anywhere on the internet. And I use OpenWRT on my router. Earlier I was using Namecheap for managing DNS but I switched to CloudFlare for performance and security reasons of the website.

Unfortunately CloudFlare doesn’t support updating the IP via shell script. Well, it sort of does, but the JSON stuff gets very messy with quoting in shell scripts, so I wrote a Lua script to update my IP whenever my PPPoE connection starts up; I have dropped the script in /etc/ppp/ip-up.d so it gets executed by pppd whenever my connection comes up. You can run this script via cron or put it in /etc/hotplug if you wish to. This script uses the LuaSocket, LuaSec, JSON4Lua and libubus-lua libraries, which are easily installable on an OpenWRT router with 4 MB flash memory.

Now I can have the benefits of CloudFlare without losing out on DDNS :D. Here’s the code:

Suggestions? Post in comments or fork on GitHub.

The Proxy ARP method of routing subnets to solve the docker networking problem

Recently I discovered something called Proxy ARP. I had seen this earlier in sysctl options but never understood it or why someone would need it, until one day I worked on a networking setup which used it to route traffic from the machine to the Internet. It’s an interesting technique and can solve a big problem when you want to use the currently popular tool, Docker, in your LAN subnet that has DHCP, without having to do other stuff like port forwarding when trying to give access to others.


The PC reset problem with Active PFC SMPS and UPS

I have a desktop machine with a Corsair SMPS which has active power factor correction. I had a Luminous 675 VA UPS before buying my new desktop machine with this SMPS. The cheapo power supplies available in India (which cost a fourth of the cost of branded ones like Corsair, etc) do not employ power factor correction.

When I was deciding on the configuration of my machine, I decided to buy the latest Intel i5 (i5-4670). The processor had been launched just around a month or two ago. I also bought a Gigabyte motherboard and a Corsair cabinet after recommendations from many geeky friends I know online who have built their own desktops. They also suggested that since I was already spending a lot on the machine, I should definitely go for a branded SMPS in order to protect the components instead of going for a cheap one and risking the components.

I did not know that there were compatibility issues with UPSes and Active PFC power supplies. This came to light when my computer started restarting whenever there was a power changeover by the UPS because of high voltage in the input or a general power failure. Because this hadn’t happened for almost 1 year after I bought my computer, I thought something was wrong with my UPS. So I called up Luminous support and they sent an engineer for inspection. He found that the battery terminals had corroded. The Luminous UPS I have supports those big batteries (12V / 100 Ah is the battery I was using) and it claims to be a sine wave UPS. He then cleaned them up and things seemed to be back to normal (they just seemed, also known as placebo effect :P). The problem returned after a few days.

I even tried giving my SMPS in for a warranty repair to be sure that the issue was with my UPS and not with the SMPS. Then I started researching this. I found that this was a known problem (involving big brands like APC!) and the reason was that certain PSUs expected a pure sine wave at the input but the UPSes available in the market were outputting a modified sine wave, apparently because the oscillator circuit for that is far cheaper and easier to design compared to pure sine wave (pure sine wave is what you get from the power supply company at home). I still don’t know if the real cause of the PC getting reset during a changeover is the sine wave / square wave thing or that the switch time of the UPS is higher. But if it was a delay, it should happen every time there is a changeover, which wasn’t the case.

This clearly indicated that whenever the power waveform at the UPS had an unexpected form, the SMPS was cutting supply to my PC. During the research, I came to know about the kinds of UPS. There are basically two kinds of UPS, one is line interactive UPS and another is online UPS. The difference between the two is that a line interactive UPS will supply AC power directly from the power socket it is connected to as long as there is power and a relay like mechanism is used to switch to battery when there’s an input power failure whereas an online UPS supplies power from the battery all the time. Whenever there is input power available, it will charge the battery. There’s zero switch over time in case of online UPS, while for line-interactive UPS it’s 10-15 ms.

I asked my inverter vendor if he had online UPS and I got shocked when he told me the price for a 600 VA online UPS: ₹25000. That’s way too much for me. Line interactive UPS of the same size costs less than half of that price. So I started manually using the UPS in battery mode whenever I was working on my computer. But this problem needed a solution. So yesterday, I bought a second-hand UPS for ₹250 (yes, that cheap. New ones cost around ₹2000) which supported 600 VA load at output, but the charger inside it cannot charge big batteries. I decided to use my bigger line-interactive UPS as a charger for the battery while this thing will power my computer.

I just bought two wires for connecting the battery and this new UPS. I also added a fan inside the new UPS’s enclosure to keep the transformer cool, as I had the experience of cooking the transformer during this experiment in another 15-year-old UPS I had. Now things are smooth. Apparently 12V battery chargers are available for ₹4000 on eBay. So why is an online UPS so expensive?! That remains a mystery to me.


Remote desktop server XRDP on Linux Mint, Ubuntu

If you’d like to access your Linux desktop over the network from anywhere in the world, or just want to share your computer’s resources on the LAN by giving all users accounts on your computer, you can set up a remote desktop server. It is quite easy to do so, and the best part is that it is compatible with the remote desktop client on Windows too, thanks to the software called XRDP which talks Remote Desktop Protocol (RDP).

Are you surprised that a blog that usually used to talk about Gentoo is now posting about Ubuntu? Well, I made the switch on my personal machine to Linux Mint Cinnamon because I was bored with Gentoo. I have nothing against Gentoo, and I still love it. It’s the perfect distribution if you want to customize your OS to the core.

If you are going with Linux Mint, I’d highly recommend the MATE desktop. MATE is basically a fork of the original GNOME 2 project. GNOME 3 / Cinnamon / Unity won’t work with XRDP because they rely on 3D graphics which is not possible (yet) on X11RDP or Xvnc (correct me if I’m wrong). You could also go with the other desktop environments like XFCE or LXDE if you prefer. Even KDE works fine in the remote desktop environment because it does not solely rely on 3D graphics.


FreeBSD IPFW NAT and Jails

IPFW in FreeBSD has built-in support for NATing and the configuration syntax is the same as that of natd. It took me quite some time to figure out how to NAT for jails while ensuring that certain jails can have public IPs.

Configure the nat on one of the IP addresses:

When using a stateful firewall, the NAT rule for incoming traffic must appear before check-state:

Other rules (service ports) can be placed below this:

Then the NAT rule for outgoing traffic:

Notice above, I am NATing only traffic that comes from 10.0.0.0/8 . I allocate jails an IP on that subnet (unless I need a public IP for the jail). If the source is not mentioned in the rule, it will NAT even public IPs!

And finally, the outgoing ports:

The catch here is that we jump to the NAT rule only if the traffic comes from 10.0.0.0/8 . If the traffic is coming from somewhere else (for example, a public IP allocated to one of the jails), it will hit the second rule and directly allow it.

Make sure you have the rule to allow loX traffic if you have separate clone interfaces for each jail.

Final touches:

The firewall script ipfw.rules must contain other rules for services, icmp, etc. not mentioned here.
Everything working smoothly now – ip4 from private jails, ip4 and ip6 from others 😀
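
The ordering walked through above, as an added example that is not the author's ruleset (the post's own snippets are missing from this page): a script that prints an ipfw ruleset in that order and lints it for the two mistakes the post warns about, inbound NAT placed after check-state and an outbound NAT rule without a source. The interface `em0`, the address `203.0.113.10`, the rule numbers and the service ports are assumptions; `disable one_pass` is included so packets keep traversing the rules after NAT.

```shell
#!/bin/sh
# Added example, not the author's ruleset. Interface, IP, ports and rule
# numbers are assumptions chosen for illustration.
pif="em0"               # assumed public interface
nat_ip="203.0.113.10"   # assumed shared public IP (documentation range)
jail_net="10.0.0.0/8"   # private jail subnet named in the post

# Print the ruleset as ipfw commands, in the order the post describes.
# On the FreeBSD host, load it with: gen_rules | sh
gen_rules() {
cat <<EOF
ipfw -q -f flush
ipfw -q disable one_pass
ipfw -q nat 1 config ip ${nat_ip} same_ports
ipfw -q add 100 allow ip from any to any via 'lo*'
ipfw -q add 200 nat 1 ip4 from any to ${nat_ip} in via ${pif}
ipfw -q add 300 check-state
ipfw -q add 400 allow tcp from any to me 22,80,443 in via ${pif} setup keep-state
ipfw -q add 500 skipto 1000 tcp from ${jail_net} to any 80,443 out via ${pif} setup keep-state
ipfw -q add 510 allow tcp from any to any 80,443 out via ${pif} setup keep-state
ipfw -q add 520 skipto 1000 udp from ${jail_net} to any 53 out via ${pif} keep-state
ipfw -q add 530 allow udp from any to any 53 out via ${pif} keep-state
ipfw -q add 900 deny log ip from any to any
ipfw -q add 1000 nat 1 ip4 from ${jail_net} to any out via ${pif}
ipfw -q add 1010 allow ip from any to any
EOF
}

# Read ipfw commands on stdin; succeed only if the inbound nat rule is
# numbered below check-state and no outbound nat rule uses "from any"
# (which would also translate jails that hold public IPs).
lint_rules() {
  awk '
    $3 != "add" { next }
    { src = ""; dir = ""
      for (i = 6; i <= NF; i++) {
        if ($i == "from") src = $(i + 1)
        if ($i == "in" || $i == "out") dir = $i
      } }
    $5 == "check-state"                         { cs = $4 + 0 }
    $5 == "nat" && dir == "in"                  { nat_in = $4 + 0 }
    $5 == "nat" && dir == "out" && src == "any" { bad = 1 }
    END { exit !(nat_in > 0 && cs > 0 && nat_in < cs && !bad) }
  '
}

if gen_rules | lint_rules; then
  echo "lint ok: inbound nat precedes check-state, outbound nat is source-limited"
else
  echo "lint failed: fix rule order or nat source before loading" >&2
fi
```
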

A Linux geek’s experience with Windows 8.1

At the end of October, my Nexus 4 died, apparently due to a bad battery. What happened was that the phone switched off automatically (not the low battery switch-off, but at some random % > 50) a couple of times while in use. That ended up getting worse by corrupting something, leaving the cell radio in a non-working condition. There’s no IMEI number, no baseband version and any Android version > 4.2.2 doesn’t boot.

A bit of research on Google yielded not much information. I took it to the service centre and they told me the motherboard would have to be replaced, which would cost me ₹10000. That’s too much to pay for a 2 year old phone, especially when you get a completely new phone for that price (well, maybe a bit more than that). Meanwhile I found a thread on xda which revealed a de-bricking method using some proprietary LG tools, which unfortunately worked only on Windows. This was a big disappointment for me, but it’s a well-known fact that Windows has more market share in PCs than anything else.

I had to try it anyhow, so I first tried playing with VirtualBox’s and QEMU-KVM’s USB passthrough on my old Windows XP VM (I had it around for working on college stuff… education curriculum in India is highly closed source-agnostic, to the extent some computer engineers won’t even know that there exists an OS called GNU/Linux!), which failed. It works for simple storage devices though, but for some reason the serial device (it comes up as ttyACM0) in the download mode (the mode in which the LG tool will send a firmware image) couldn’t be accessed properly in the virtual machine. So I decided to buy a Windows 8.1 key from the Microsoft Store. I was kind of sceptical about Windows since I left it back in 2007 because of constantly nagging problems like malware, random slowdowns, freezes, etc. and shifted to Linux. Thanks to my student account I was able to buy it at a discounted rate of ₹3499 as opposed to the usual rate of ₹19k for the Pro version. I also noticed that they have a 14 day return policy, so I was a bit okay with the spending.

My hardware configuration is pretty simple: I just have a desktop with an i5-4670, 8 GB Corsair, 1 Samsung SSD and 2 HDDs (WD, Seagate). The HDDs are in RAID0 striping in Linux and deliver good performance compared to a single HDD (read speeds are around 190 MB/s). There are two reasons for having such a simple configuration – first, I don’t game and second, excellent Linux compatibility. I had thought of gaming for a long time, but never had the courage to face Windows (well, after being used to Linux for 5+ years, I doubt anybody will) and hence never played games.

So, let’s put the hand in lion’s mouth.


FreeBSD ipfw: add_dyn_rule: Cannot allocate rule

One of the servers I run has FreeBSD 10. It hosts a high-traffic Magento site. Magento, being a very heavy application, requires a dedicated server. The site’s performance is very bad when it is hosted on a VPS, or perhaps that depends on the provider / needs tuning. Not my site. My task was to move it to a dedicated server so I don’t have to consider all that stuff.

As someone new to FreeBSD, I try to stick to tools and utilities that are provided by FreeBSD itself and do not rely on those provided by other BSDs. This rule is quite flexible, but I can’t cite examples of relying on tools by other BSDs that I’m using right now. So, naturally, for firewall I chose IPFW which is FreeBSD’s own firewall. The other firewalls supported by FreeBSD are PF (which comes from OpenBSD) and IPFilter (which comes from NetBSD).
